[keycloak-dev] federation commited need feedback
Stian Thorgersen
stian at redhat.com
Thu Jul 24 09:25:19 EDT 2014
Looks good. Only two comments from me:

1. FederationManager.getFederationProvider uses factories directly

Why is this? This will cause the provider instance not to be registered with the session, so won't be closed automatically when the session is closed, nor will it be able to attach to the transaction.

2. TOTP SPI (just related)

Once I've finished access code work I was going to start on TOTP SPI. I think a UserProvider should only be able to verify password credentials, and TOTP providers should be used to verify TOTP. I'll send a separate email about this tomorrow so we can discuss it in more detail, just a heads up.

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 23 July, 2014 10:33:12 PM
> Subject: [keycloak-dev] federation commited need feedback
>
> First iteration is committed. I still have a lot to do.
>
> * AuthenticationProvider currently co-exists with Federation. I will
> delete it after the review of FederationProvider.
> * UserModel is proxied. Some updates delegated to LDAP. Need to expand.
> * Still need to do admin console UI for federation
> * Still need to implement search and other queries for LDAP
> * Still need to test disjoint credential type storage.
>
> Feedback on unimplemented features for LDAP:
> * registration supported switch.
> * Importing username and email will be required. Everything else will
> be optional. That cool?
> * Modes for federation will be: READ_ONLY, SYNCED, and UNSYNCED.
> SYNCED will update LDAP on demand. UNSYNCED will store changes locally
> and require the user to handle synchronization themselves.
> * Going to have an import-attributes on/off switch. A keycloak->ldap
> attribute map will be required to be configured. If this switch is off,
> UserModel proxy will load attributes on demand.
>
>
> Questions:
> * Is ExternalModelAuthProvider actually a feature requested by users?
> I'd like to not have to do this. At least for 1.0.
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com